Areas that require high levels of security i.e. government or military institutions, require an approach for securely erasing data from storage devices in such a way that it is not retrievable by a specified level of threat agent. Private businesses and other users can also retain a motivation to ensure that sensitive information is not made accessible to others through the inadequate removal of data from a non-volatile memory. Additionally, the continued adoption of privacy and data protection legislation implies that there is an increasing shift toward erasing personal or sensitive information in a secure manner.
A commonly used way to securely prevent data recovery from a storage device such as a magnetic hard disk or a USB pen drive is to overwrite all of the addressable parts of the disk at least once using a predetermined overwriting pattern. Many standards for such overwriting of data exist and these standards are based on the differing security requirements of national and/or military institutions and interpretation of the perceived level of security required for the information, e.g. “Top Secret” or “Classified”. Overwriting of data in most cases enables the continued use of the storage device after the erasure process, which represents more value as an asset with continued use than physically destroying the disk.
Over the last few years developments in storage technology have brought Solid State Drives (SSDs) to mass market. Unlike standard magnetic hard drives, SSDs are, typically, NAND flash-based semiconductor devices that do not rely on moving parts. Since SSDs have not been in existence for very long, a transition period in the development of their security aspects and the uniform standards required to control the drives is still ongoing. As an example, empirical data published in a recent study from Wei et al., entitled “Reliably Erasing Data From Flash-based Solid State Drives”, concluded that not all SSD manufacturers have succeeded in the full implementation of the relative command set (i.e. SCSI or ATA) for SSDs, thereby possibly causing vulnerability in security of data through the inconsistent success of the data erasure command(s).